Archives
/
lokinet
mirror of https://github.com/oxen-io/lokinet
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

don't sign traffic

Browse Source
pull/68/head
Jeff Becker 6 years ago
parent 1f96584c94
commit 2bd2815290
No known key found for this signature in database
GPG Key ID: F357B3B42F6F9B05
11 changed files with 32 additions and 129 deletions
Show Stats Download Patch File Download Diff File

14
docs/proto_v0.txt
Unescape Escape View File

@ -742,20 +742,14 @@ transfer ip traffic
A: "I",
S: uint64_sequence_number,
V: 0,
X: "<N bytes ip packet>",
Y: "<16 bytes nonce>",
Z: "<64 bytes signature using previously provided signing key>"
X: "<N bytes ip packet>"
}
X is parsed as an IP packet and the source addresss is extracted.
Next we find the corrisponding signing key for a previously granted address
and use it to validate the siganture of the entire message. If the signing key
cannot be found or the signature is invalid this message is dropped, otherwise
the X value is sent on the appropriate network interface.
X is parsed as an IP packet and the source addresss is extracted and sent on the
appropriate network interface.
When we recieve an ip packet from the internet to an exit address, we put it
into a TITM, signed with the router's signing key and send it downstream the
corrisponding path in an LRDM.
into a TITM, and send it downstream the corrisponding path in an LRDM.
update exit path message (UXPM)

10
include/llarp/messages/transfer_traffic.hpp
Unescape Escape View File

@ -11,11 +11,7 @@ namespace llarp
constexpr size_t MaxExitMTU = 1500;
struct TransferTrafficMessage final : public IMessage
{
using Nonce_t = AlignedBuffer< 16 >;
std::vector< byte_t > X;
Nonce_t Y;
llarp::Signature Z;
TransferTrafficMessage&
operator=(const TransferTrafficMessage& other);
@ -23,12 +19,6 @@ namespace llarp
bool
PutBuffer(llarp_buffer_t buf);
bool
Sign(llarp_crypto* c, const llarp::SecretKey& sk);
bool
Verify(llarp_crypto* c, const llarp::PubKey& pk) const;
bool
BEncode(llarp_buffer_t* buf) const override;

10
include/llarp/path.hpp
Unescape Escape View File

@ -317,12 +317,20 @@ namespace llarp
m_LastRecvMessage = now;
}
/// return true if ALL of the specified roles are supported
bool
SupportsRoles(PathRole roles) const
SupportsAllRoles(PathRole roles) const
{
return (_role & roles) == roles;
}
/// return true if ANY of the specified roles are supported
bool
SupportsAnyRoles(PathRole roles) const
{
return (_role & roles) != 0;
}
PathStatus
Status() const
{

4
include/llarp/pathset.hpp
Unescape Escape View File

@ -41,8 +41,10 @@ namespace llarp
constexpr PathRole ePathRoleInboundHS = (1 << 1);
/// exit traffic capable
constexpr PathRole ePathRoleExit = (1 << 2);
/// service node capable
constexpr PathRole ePathRoleSVC = (1 << 3);
/// dht message capable
constexpr PathRole ePathRoleDHT = (1 << 3);
constexpr PathRole ePathRoleDHT = (1 << 4);
// forward declare
struct Path;

2
llarp/exit/endpoint.cpp
Unescape Escape View File

@ -107,8 +107,6 @@ namespace llarp
if(!msg.PutBuffer(pkt.Buffer()))
return false;
msg.S = path->NextSeqNo();
if(!msg.Sign(m_Parent->Crypto(), m_Parent->Router()->identity))
return false;
if(!path->SendRoutingMessage(&msg, m_Parent->Router()))
return false;
m_RxRate += buf.sz;

6
llarp/exit/session.cpp
Unescape Escape View File

@ -52,7 +52,9 @@ namespace llarp
llarp::routing::ObtainExitMessage obtain;
obtain.S = p->NextSeqNo();
obtain.T = llarp_randint();
// TODO: set expiratation
obtain.X = 0;
// TODO: distinguish between service node traffic
obtain.E = 1;
if(!obtain.Sign(&router->crypto, m_ExitIdentity))
{
@ -102,9 +104,7 @@ namespace llarp
return false;
llarp::routing::TransferTrafficMessage transfer;
transfer.S = path->NextSeqNo();
transfer.X.resize(pkt.sz);
memcpy(transfer.X.data(), pkt.buf, pkt.sz);
if(!transfer.Sign(&router->crypto, m_ExitIdentity))
if(!transfer.PutBuffer(pkt.Buffer()))
return false;
return path->SendRoutingMessage(&transfer, router);
}

46
llarp/exit/transfer_traffic.cpp
Unescape Escape View File

@ -5,53 +5,15 @@ namespace llarp
{
namespace routing
{
bool
TransferTrafficMessage::Sign(llarp_crypto* c, const llarp::SecretKey& k)
{
byte_t tmp[MaxExitMTU + 512] = {0};
auto buf = llarp::StackBuffer< decltype(tmp) >(tmp);
// zero out sig
Z.Zero();
// randomize nonce
Y.Randomize();
if(!BEncode(&buf))
return false;
// rewind buffer
buf.sz = buf.cur - buf.base;
return c->sign(Z, k, buf);
}
TransferTrafficMessage&
TransferTrafficMessage::operator=(const TransferTrafficMessage& other)
{
Z = other.Z;
Y = other.Y;
S = other.S;
version = other.version;
X = other.X;
return *this;
}
bool
TransferTrafficMessage::Verify(llarp_crypto* c,
const llarp::PubKey& pk) const
{
byte_t tmp[MaxExitMTU + 512] = {0};
auto buf = llarp::StackBuffer< decltype(tmp) >(tmp);
// make copy
TransferTrafficMessage copy;
copy = *this;
// zero copy's sig
copy.Z.Zero();
// encode
if(!copy.BEncode(&buf))
return false;
// rewind buffer
buf.sz = buf.cur - buf.base;
// verify signature
return c->verify(pk, buf, Z);
}
bool
TransferTrafficMessage::PutBuffer(llarp_buffer_t buf)
{
@ -78,10 +40,6 @@ namespace llarp
return false;
if(!bencode_write_bytestring(buf, X.data(), X.size()))
return false;
if(!BEncodeWriteDictEntry("Y", Y, buf))
return false;
if(!BEncodeWriteDictEntry("Z", Z, buf))
return false;
return bencode_end(buf);
}
@ -89,10 +47,6 @@ namespace llarp
TransferTrafficMessage::DecodeKey(llarp_buffer_t key, llarp_buffer_t* buf)
{
bool read = false;
if(!BEncodeMaybeReadDictEntry("Z", Z, read, key, buf))
return false;
if(!BEncodeMaybeReadDictEntry("Y", Y, read, key, buf))
return false;
if(!BEncodeMaybeReadDictInt("S", S, read, key, buf))
return false;
if(!BEncodeMaybeReadDictInt("V", version, read, key, buf))

14
llarp/path.cpp
Unescape Escape View File

@ -447,12 +447,12 @@ namespace llarp
// check to see if this path is dead
if(_status == ePathEstablished)
{
if(SupportsRoles(ePathRoleExit))
if(SupportsAnyRoles(ePathRoleExit | ePathRoleSVC))
{
if(m_LastRecvMessage && now > m_LastRecvMessage
&& now - m_LastRecvMessage > PATH_ALIVE_TIMEOUT)
{
// TODO: send close message
// TODO: send close exit message
// r->routerProfiling.MarkPathFail(this);
// EnterState(ePathTimeout, now);
return;
@ -693,7 +693,7 @@ namespace llarp
llarp_router* r)
{
/// allows exits to close from their end
if(SupportsRoles(ePathRoleExit))
if(SupportsAnyRoles(ePathRoleExit | ePathRoleSVC))
{
if(msg->Verify(&r->crypto, Endpoint()))
{
@ -793,14 +793,8 @@ namespace llarp
const llarp::routing::TransferTrafficMessage* msg, llarp_router* r)
{
// check if we can handle exit data
if(!SupportsRoles(ePathRoleExit))
if(!SupportsAnyRoles(ePathRoleExit | ePathRoleSVC))
return false;
// verify sig
if(!msg->Verify(&r->crypto, Endpoint()))
{
llarp::LogError(Name(), " bad signature on inbound traffic");
return false;
}
MarkActive(r->Now());
// handle traffic if we have a handler
return m_ExitTrafficHandler

12
llarp/pathset.cpp
Unescape Escape View File

@ -25,7 +25,7 @@ namespace llarp
size_t has = 0;
for(const auto& item : m_Paths)
{
if(item.second->SupportsRoles(roles))
if(item.second->SupportsAnyRoles(roles))
{
if(!item.second->ExpiresSoon(now))
++has;
@ -79,7 +79,7 @@ namespace llarp
{
if(!item.second->IsReady())
continue;
if(!item.second->SupportsRoles(roles))
if(!item.second->SupportsAnyRoles(roles))
continue;
AlignedBuffer< 32 > localDist = item.second->Endpoint() ^ id;
if(localDist < dist)
@ -98,7 +98,7 @@ namespace llarp
auto itr = m_Paths.begin();
while(itr != m_Paths.end())
{
if(itr->second->IsReady() && itr->second->SupportsRoles(roles))
if(itr->second->IsReady() && itr->second->SupportsAnyRoles(roles))
{
if(itr->second->Endpoint() == id)
{
@ -120,7 +120,7 @@ namespace llarp
auto itr = m_Paths.begin();
while(itr != m_Paths.end())
{
if(itr->second->IsReady() && itr->second->SupportsRoles(roles))
if(itr->second->IsReady() && itr->second->SupportsAnyRoles(roles))
{
if(itr->second->Endpoint() == id)
{
@ -156,7 +156,7 @@ namespace llarp
while(itr != m_Paths.end())
{
if(itr->second->Status() == ePathEstablished
&& itr->second->SupportsRoles(roles))
&& itr->second->SupportsAnyRoles(roles))
++count;
++itr;
}
@ -279,7 +279,7 @@ namespace llarp
auto itr = m_Paths.begin();
while(itr != m_Paths.end())
{
if(itr->second->IsReady() && itr->second->SupportsRoles(roles))
if(itr->second->IsReady() && itr->second->SupportsAnyRoles(roles))
established.push_back(itr->second);
++itr;
}

14
llarp/transit_hop.cpp
Unescape Escape View File

@ -257,18 +257,10 @@ namespace llarp
auto endpoint = r->exitContext.FindEndpointForPath(info.rxID);
if(endpoint)
{
if(msg->Verify(&r->crypto, endpoint->PubKey()))
{
if(endpoint->SendOutboundTraffic(llarp::ConstBuffer(msg->X)))
return true;
else
llarp::LogError("failed to send outbound traffic for exit on ",
info);
}
if(endpoint->SendOutboundTraffic(llarp::ConstBuffer(msg->X)))
return true;
else
{
llarp::LogError("bad signature on exit traffic on ", info);
}
llarp::LogError("failed to send outbound traffic for exit on ", info);
}
else
llarp::LogError("No exit endpoint on ", info);

29
test/traffic_transfer_unittest.cpp
Unescape Escape View File

@ -5,35 +5,6 @@ using TransferTrafficMessage = llarp::routing::TransferTrafficMessage;
class TransferTrafficTest : public ::testing::Test
{
public:
llarp_crypto crypto;
llarp::SecretKey alice;
TransferTrafficTest()
{
llarp_crypto_init(&crypto);
}
~TransferTrafficTest()
{
}
void
SetUp()
{
crypto.identity_keygen(alice);
}
};
TEST_F(TransferTrafficTest, TestSignVerify)
{
TransferTrafficMessage msg;
msg.X.resize(1024);
msg.S = 100;
crypto.randbytes(msg.X.data(), 1024);
ASSERT_TRUE(msg.Sign(&crypto, alice));
ASSERT_FALSE(msg.Z.IsZero());
ASSERT_TRUE(msg.Verify(&crypto, llarp::seckey_topublic(alice)));
};
TEST_F(TransferTrafficTest, TestPutBufferOverflow)

Write Preview
Loading…
Cancel
Save